tessl/npm-lodash--escape

The lodash method _.escape exported as a standalone module for converting HTML entities in strings

Workspace: tessl
Visibility: Public
Describes: npmpkg:npm/lodash.escape@3.2.x

To install, run

npx @tessl/cli install tessl/npm-lodash--escape@3.2.0

# lodash.escape

lodash.escape is the lodash method `_.escape` exported as a standalone module. It escapes strings for use in HTML, helping to prevent XSS attacks, by converting the HTML special characters `&`, `<`, `>`, `"`, `'` and `` ` `` to their corresponding HTML entities.

## Package Information

- **Package Name**: lodash.escape
- **Package Type**: npm
- **Language**: JavaScript
- **Installation**: `npm install lodash.escape`

## Core Imports

```javascript
const escape = require('lodash.escape');
```

For ES modules:

```javascript
import escape from 'lodash.escape';
```

## Basic Usage

```javascript
const escape = require('lodash.escape');

// Basic HTML escaping
const userInput = 'Hello <script>alert("XSS")</script> & welcome!';
const safeHtml = escape(userInput);
console.log(safeHtml);
// => 'Hello &lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt; &amp; welcome!'

// Common use case: preparing data for HTML attributes
const userName = 'John "Johnny" O\'Malley';
const htmlAttribute = `<div data-user="${escape(userName)}">`;
// => '<div data-user="John &quot;Johnny&quot; O&#39;Malley">'
```

## Capabilities

### HTML Entity Escaping

Converts HTML special characters in strings to their corresponding HTML entities to prevent XSS attacks and ensure safe rendering in HTML contexts. The six escaped characters cover HTML element content and quoted attribute values; they do not make a value safe inside an unquoted attribute, a URL, inline script or CSS.

```javascript { .api }
/**
 * Converts the characters "&", "<", ">", '"', "'", and "`" in string to their corresponding HTML entities.
 * @param {string} [string=''] - The string to escape.
 * @returns {string} Returns the escaped string.
 */
function escape(string)
```

**Character Mappings:**

| Input Character | HTML Entity |
|----------------|-------------|
| `&` | `&amp;` |
| `<` | `&lt;` |
| `>` | `&gt;` |
| `"` | `&quot;` |
| `'` | `&#39;` |
| `` ` `` | `&#96;` |

**Important Notes:**

- The forward slash `/` character is **not** escaped, as it doesn't require escaping in HTML
- Only the six specific characters listed above are converted to entities
- Null and undefined values are converted to empty strings
- Non-string inputs are automatically converted to strings before processing
- Performance optimized: the replacement only runs if escapable characters are detected

**Usage Examples:**

```javascript
const escape = require('lodash.escape');

// All escapable characters
escape('&<>"\'`');
// => '&amp;&lt;&gt;&quot;&#39;&#96;'

// Mixed content including characters that are not escaped
escape('Hello & goodbye/world');
// => 'Hello &amp; goodbye/world'

// Empty and null handling
escape(''); // => ''
escape(null); // => ''
escape(undefined); // => ''

// Non-string input
escape(123); // => '123'
escape(true); // => 'true'

// Strings with no escapable characters
escape('Hello world'); // => 'Hello world'

// Template usage
const templateData = {
  title: 'News & Updates',
  content: 'Check out our "latest" features!'
};

const html = `
  <h1>${escape(templateData.title)}</h1>
  <p>${escape(templateData.content)}</p>
`;
// Safe HTML output with escaped entities
```

**Common Use Cases:**

- Escaping user input before rendering in HTML
- Preparing strings for HTML attributes (`data-*`, class names with quotes, etc.)
- Template rendering where HTML escaping is required
- API responses that will be inserted into the DOM
- Form data processing for web applications
- Preventing XSS attacks in dynamic content
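
The template usage shown earlier depends on remembering to call `escape` at every interpolation; a tagged template can apply it automatically. The following is an added example, not code from the lodash.escape package or from this page: `escapeHtml` is a local stand-in built from the character mapping table so the block runs without the package installed, and `html` and `SafeHtml` are hypothetical names.

```javascript
// Added example: local stand-in for lodash.escape, built from the page's
// character mapping table so the block runs without the package installed.
const ENTITY_MAP = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;'
};
const ESCAPABLE = /[&<>"'`]/g;
const HAS_ESCAPABLE = /[&<>"'`]/; // non-global, so .test() keeps no state

function escapeHtml(value) {
  // null and undefined become '', everything else is stringified first
  const str = value == null ? '' : String(value);
  // Only run the replace pass when an escapable character is present
  return HAS_ESCAPABLE.test(str)
    ? str.replace(ESCAPABLE, (ch) => ENTITY_MAP[ch])
    : str;
}

// Hypothetical wrapper marking markup that html`` has already escaped.
class SafeHtml {
  constructor(markup) { this.markup = markup; }
  toString() { return this.markup; }
}

// Tagged template (hypothetical helper): literal parts pass through, every
// interpolated value is escaped unless it is a SafeHtml from a nested html``.
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((value, i) => {
    const parts = Array.isArray(value) ? value : [value];
    out += parts
      .map((p) => (p instanceof SafeHtml ? p.markup : escapeHtml(p)))
      .join('');
    out += strings[i + 1];
  });
  return new SafeHtml(out);
}

// Constructed sample data, reusing strings from the page's examples
const templateData = {
  title: 'News & Updates',
  content: 'Check out our "latest" features!',
  comments: ['Hello <script>alert("XSS")</script> & welcome!', null]
};

const page = html`<h1>${templateData.title}</h1>
<p>${templateData.content}</p>
<ul>${templateData.comments.map((c) => html`<li>${c}</li>`)}</ul>`;
console.log(String(page));
```

`SafeHtml` should only ever be produced by `html`, never constructed directly from untrusted input. The output carries the same context limits as `escape` itself: element content and quoted attribute values.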